<?php
define("EW_PAGE_ID", "add", TRUE); // Page ID
define("EW_TABLE_NAME", 'userlevels', TRUE);
?>
<?php 
session_start(); // Initialize session data
ob_start(); // Turn on output buffering
?>
<?php include "ewcfg50.php" ?>
<?php include "ewmysql50.php" ?>
<?php include "phpfn50.php" ?>
<?php include "userlevelsinfo.php" ?>
<?php include "userfn50.php" ?>
<?php include "usersinfo.php" ?>
<?php
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // Always modified
header("Cache-Control: private, no-store, no-cache, must-revalidate"); // HTTP/1.1 
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); // HTTP/1.0
?>
<?php

// Open connection to the database
$conn = ew_Connect();
?>
<?php
$Security = new cAdvancedSecurity();
?>
<?php
if (!$Security->IsLoggedIn()) $Security->AutoLogin();
$Security->LoadCurrentUserLevel('userlevels');
if (!$Security->CanAdmin()) {
	$Security->SaveLastUrl();
	Page_Terminate("login.php");
}
?>
<?php

// Common page loading event (in userfn*.php)
Page_Loading();
?>
<?php

// Page load event, used in current page
Page_Load();
?>
<?php
$userlevels->Export = @$_GET["export"]; // Get export parameter
$sExport = $userlevels->Export; // Get export parameter, used in header
$sExportFile = $userlevels->TableVar; // Get export file, used in header
?>
<?php

// Load key values from QueryString
$bCopy = TRUE;
if (@$_GET["UserLevelID"] != "") {
  $userlevels->UserLevelID->setQueryStringValue($_GET["UserLevelID"]);
} else {
  $bCopy = FALSE;
}

// Create form object
$objForm = new cFormObj();

// Process form if post back
if (@$_POST["a_add"] <> "") {
  $userlevels->CurrentAction = $_POST["a_add"]; // Get form action
  LoadFormValues(); // Load form values

  // Load values for user privileges
  $x_ewAllowAdd = @$_POST["x_ewAllowAdd"];
  if ($x_ewAllowAdd == "") $x_ewAllowAdd = 0;
  $x_ewAllowEdit = @$_POST["x_ewAllowEdit"];
  if ($x_ewAllowEdit == "") $x_ewAllowEdit = 0;
  $x_ewAllowDelete = @$_POST["x_ewAllowDelete"];
  if ($x_ewAllowDelete == "") $x_ewAllowDelete = 0;
  $x_ewAllowList = @$_POST["x_ewAllowList"];
  if ($x_ewAllowList == "") $x_ewAllowList = 0;
  if (defined("EW_USER_LEVEL_COMPAT")) {
    $x_ewPriv = intval($x_ewAllowAdd) + intval($x_ewAllowEdit) +
      intval($x_ewAllowDelete) + intval($x_ewAllowList);
  } else {
    $x_ewAllowView = @$_POST["x_ewAllowView"];
    if ($x_ewAllowView == "") $x_ewAllowView = 0;
    $x_ewAllowSearch = @$_POST["x_ewAllowSearch"];
    if ($x_ewAllowSearch == "") $x_ewAllowSearch = 0;
    $x_ewPriv = intval($x_ewAllowAdd) + intval($x_ewAllowEdit) +
      intval($x_ewAllowDelete) + intval($x_ewAllowList) +
      intval($x_ewAllowView) + intval($x_ewAllowSearch);
  }
} else { // Not post back
  if ($bCopy) {
    $userlevels->CurrentAction = "C"; // Copy Record
  } else {
    $userlevels->CurrentAction = "I"; // Display Blank Record
    LoadDefaultValues(); // Load default values
  }
}

// Perform action based on action code
switch ($userlevels->CurrentAction) {
  case "I": // Blank record, no action required
		break;
  case "C": // Copy an existing record
   if (!LoadRow()) { // Load record based on key
      $_SESSION[EW_SESSION_MESSAGE] = "No records found"; // No record found
      Page_Terminate($userlevels->getReturnUrl()); // Clean up and return
    }
		break;
  case "A": // ' Add new record
		$userlevels->SendEmail = TRUE; // Send email on add success
    if (AddRow()) { // Add successful
      $_SESSION[EW_SESSION_MESSAGE] = "Add New Record Successful"; // Set up success message
      Page_Terminate($userlevels->KeyUrl($userlevels->getReturnUrl())); // Clean up and return
    } else {
      RestoreFormValues(); // Add failed, restore form values
    }
}

// Render row based on row type
$userlevels->RowType = EW_ROWTYPE_ADD;  // Render add type
RenderRow();
?>
<?php include "header.php" ?>
<script type="text/javascript">
<!--
var EW_PAGE_ID = "add"; // Page id

//-->
</script>
<script type="text/javascript">
<!--

function ew_ValidateForm(fobj) {
	if (fobj.a_confirm && fobj.a_confirm.value == "F")
		return true;
	var i, elm, aelm, infix;
	var rowcnt = (fobj.key_count) ? Number(fobj.key_count.value) : 1;
	for (i=0; i<rowcnt; i++) {
		infix = (fobj.key_count) ? String(i+1) : "";
		elm = fobj.elements["x" + infix + "_UserLevelID"];
		if (elm && !ew_HasValue(elm)) {
			if (!ew_OnError(elm, "Please enter required field - User Level ID"))
				return false;
		}
		elm = fobj.elements["x" + infix + "_UserLevelID"];
		if (elm && !ew_CheckInteger(elm.value)) {
			if (!ew_OnError(elm, "Incorrect integer - User Level ID"))
				return false; 
		}
		elm = fobj.elements["x" + infix + "_UserLevelName"];
		if (elm && !ew_HasValue(elm)) {
			if (!ew_OnError(elm, "Please enter required field - User Level Name"))
				return false;
		}
		elmId = fobj.elements["x" + infix + "_UserLevelID"];
		elmName = fobj.elements["x" + infix + "_UserLevelName"];
		if (elmId && elmName) {
			elmId.value = elmId.value.replace(/^\s+|\s+$/, '');
			elmName.value = elmName.value.replace(/^\s+|\s+$/, '');
			if (elmId && !ew_CheckInteger(elmId.value)) {
				if (!ew_OnError(elmId, "User Level ID must be integer"))
					return false;
			}
			var level = parseInt(elmId.value);
			if (level == 0) {
				if (elmName.value.toLowerCase() != "default") {
					if (!ew_OnError(elmName, "User level name for user level 0 must be 'Default'"))
						return false;
				}
			} else if (level == -1) { 
				if (elmName.value.toLowerCase() != "administrator") {
					if (!ew_OnError(elmName, "User level name for user level -1 must be 'Administrator'"))
						return false;
				}
			} else if (level < -1) {
				if (!ew_OnError(elmId, "User defined User Level ID must be larger than 0"))
					return false;
			} else if (level > 0) { 
				if (elmName.value.toLowerCase() == "administrator" || elmName.value.toLowerCase() == "default") {
					if (!ew_OnError(elmName, "User defined User Level name cannot be 'Administrator' or 'Default'"))
						return false;
				}
			}
		}
	}
	return true;
}

//-->
</script>
<script type="text/javascript">
<!--
var ew_DHTMLEditors = [];

//-->
</script>
<script type="text/javascript">
<!--
var ew_MultiPagePage = "Page"; // multi-page Page Text
var ew_MultiPageOf = "of"; // multi-page Of Text
var ew_MultiPagePrev = "Prev"; // multi-page Prev Text
var ew_MultiPageNext = "Next"; // multi-page Next Text

//-->
</script>
<script language="JavaScript" type="text/javascript">
<!--

// Write your client script here, no need to add script tags.
// To include another .js script, use:
// ew_ClientScriptInclude("my_javascript.js"); 
//-->

</script>
<p><span class="phpmaker">Add to TABLE: userlevels<br><br><a href="<?php echo $userlevels->getReturnUrl() ?>">Go Back</a></span></p>
<?php
if (@$_SESSION[EW_SESSION_MESSAGE] <> "") { // Mesasge in Session, display
?>
<p><span class="ewmsg"><?php echo $_SESSION[EW_SESSION_MESSAGE] ?></span></p>
<?php
  $_SESSION[EW_SESSION_MESSAGE] = ""; // Clear message in Session
}
?>
<form name="fuserlevelsadd" id="fuserlevelsadd" action="userlevelsadd.php" method="post" onSubmit="return ew_ValidateForm(this);">
<p>
<input type="hidden" name="a_add" id="a_add" value="A">
<table class="ewTable">
  <tr class="ewTableRow">
    <td class="ewTableHeader">User Level ID<span class='ewmsg'>&nbsp;*</span></td>
    <td<?php echo $userlevels->UserLevelID->CellAttributes() ?>><span id="cb_x_UserLevelID">
<input type="text" name="x_UserLevelID" id="x_UserLevelID"  size="30" value="<?php echo $userlevels->UserLevelID->EditValue ?>"<?php echo $userlevels->UserLevelID->EditAttributes() ?>>
</span></td>
  </tr>
  <tr class="ewTableAltRow">
    <td class="ewTableHeader">User Level Name<span class='ewmsg'>&nbsp;*</span></td>
    <td<?php echo $userlevels->UserLevelName->CellAttributes() ?>><span id="cb_x_UserLevelName">
<input type="text" name="x_UserLevelName" id="x_UserLevelName"  size="30" maxlength="50" value="<?php echo $userlevels->UserLevelName->EditValue ?>"<?php echo $userlevels->UserLevelName->EditAttributes() ?>>
</span></td>
  </tr>
  <!-- row for permission values -->
  <tr class="ewTableRow">
    <td class="ewTableHeader">Permission</td>
    <td>
<input type="checkbox" name="x_ewAllowAdd" id="Add" value="<?php echo EW_ALLOW_ADD ?>">Add/Copy
<input type="checkbox" name="x_ewAllowDelete" id="Delete" value="<?php echo EW_ALLOW_DELETE ?>">Delete
<input type="checkbox" name="x_ewAllowEdit" id="Edit" value="<?php echo EW_ALLOW_EDIT ?>">Edit
<?php if (defined("EW_USER_LEVEL_COMPAT")) { ?>
<input type="checkbox" name="x_ewAllowList" id="List" value="<?php echo EW_ALLOW_LIST ?>">List/Search/View
<?php } else { ?>
<input type="checkbox" name="x_ewAllowList" id="List" value="<?php echo EW_ALLOW_LIST ?>">List
<input type="checkbox" name="x_ewAllowView" id="View" value="<?php echo EW_ALLOW_VIEW ?>">View
<input type="checkbox" name="x_ewAllowSearch" id="Search" value="<?php echo EW_ALLOW_SEARCH ?>">Search
<?php } ?>
</td>
  </tr> 
</table>
<p>
<input type="submit" name="btnAction" id="btnAction" value="    Add    ">
</form>
<script language="JavaScript" type="text/javascript">
<!--

// Write your table-specific startup script here
// document.write("page loaded");
//-->

</script>
<?php include "footer.php" ?>
<?php

// If control is passed here, simply terminate the page without redirect
Page_Terminate();

// -----------------------------------------------------------------
//  Subroutine Page_Terminate
//  - called when exit page
//  - clean up connection and objects
//  - if url specified, redirect to url, otherwise end response
function Page_Terminate($url = "") {
	global $conn;

	// Page unload event, used in current page
	Page_Unload();

	// Global page unloaded event (in userfn*.php)
	Page_Unloaded();

	 // Close Connection
	$conn->Close();

	// Go to url if specified
	if ($url <> "") {
		ob_end_clean();
		header("Location: $url");
	}
	exit();
}
?>
<?php

// Load default values
function LoadDefaultValues() {
	global $userlevels;
}
?>
<?php

// Load form values
function LoadFormValues() {

	// Load from form
	global $objForm, $userlevels;
	$userlevels->UserLevelID->setFormValue($objForm->GetValue("x_UserLevelID"));
	$userlevels->UserLevelName->setFormValue($objForm->GetValue("x_UserLevelName"));
}

// Restore form values
function RestoreFormValues() {
	global $userlevels;
	$userlevels->UserLevelID->CurrentValue = $userlevels->UserLevelID->FormValue;
	$userlevels->UserLevelName->CurrentValue = $userlevels->UserLevelName->FormValue;
}
?>
<?php

// Load row based on key values
function LoadRow() {
	global $conn, $Security, $userlevels;
	$sFilter = $userlevels->SqlKeyFilter();
	if (!is_numeric($userlevels->UserLevelID->CurrentValue)) {
		return FALSE; // Invalid key, exit
	}
	$sFilter = str_replace("@UserLevelID@", ew_AdjustSql($userlevels->UserLevelID->CurrentValue), $sFilter); // Replace key value

	// Call Row Selecting event
	$userlevels->Row_Selecting($sFilter);

	// Load sql based on filter
	$userlevels->CurrentFilter = $sFilter;
	$sSql = $userlevels->SQL();
	if ($rs = $conn->Execute($sSql)) {
		if ($rs->EOF) {
			$LoadRow = FALSE;
		} else {
			$LoadRow = TRUE;
			$rs->MoveFirst();
			LoadRowValues($rs); // Load row values

			// Call Row Selected event
			$userlevels->Row_Selected($rs);
		}
		$rs->Close();
	} else {
		$LoadRow = FALSE;
	}
	return $LoadRow;
}

// Load row values from recordset
function LoadRowValues(&$rs) {
	global $userlevels;
	$userlevels->UserLevelID->setDbValue($rs->fields('UserLevelID'));
	if (is_null($userlevels->UserLevelID->CurrentValue)) {
		$userlevels->UserLevelID->CurrentValue = 0;
	} else {
		$userlevels->UserLevelID->CurrentValue = intval($userlevels->UserLevelID->CurrentValue);
	}
	$userlevels->UserLevelName->setDbValue($rs->fields('UserLevelName'));
}
?>
<?php

// Render row values based on field settings
function RenderRow() {
	global $conn, $Security, $userlevels;

	// Call Row Rendering event
	$userlevels->Row_Rendering();

	// Common render codes for all row types
	// UserLevelID

	$userlevels->UserLevelID->CellCssStyle = "";
	$userlevels->UserLevelID->CellCssClass = "";

	// UserLevelName
	$userlevels->UserLevelName->CellCssStyle = "";
	$userlevels->UserLevelName->CellCssClass = "";
	if ($userlevels->RowType == EW_ROWTYPE_VIEW) { // View row
	} elseif ($userlevels->RowType == EW_ROWTYPE_ADD) { // Add row

		// UserLevelID
		$userlevels->UserLevelID->EditCustomAttributes = "";
		$userlevels->UserLevelID->EditValue = ew_HtmlEncode($userlevels->UserLevelID->CurrentValue);

		// UserLevelName
		$userlevels->UserLevelName->EditCustomAttributes = "";
		$userlevels->UserLevelName->EditValue = ew_HtmlEncode($userlevels->UserLevelName->CurrentValue);
	} elseif ($userlevels->RowType == EW_ROWTYPE_EDIT) { // Edit row
	} elseif ($userlevels->RowType == EW_ROWTYPE_SEARCH) { // Search row
	}

	// Call Row Rendered event
	$userlevels->Row_Rendered();
}
?>
<?php

// Add record
function AddRow() {
	global $conn, $Security, $userlevels;
	if (trim(strval($userlevels->UserLevelID->CurrentValue)) == "") {
		$_SESSION[EW_SESSION_MESSAGE] = "Missing User Level ID";
	} elseif (trim($userlevels->UserLevelName->CurrentValue) == "") {
		$_SESSION[EW_SESSION_MESSAGE] = "Missing User Level name";
	} elseif (!is_numeric($userlevels->UserLevelID->CurrentValue)) {
		$_SESSION[EW_SESSION_MESSAGE] = "User Level ID must be integer";
	} elseif (intval($userlevels->UserLevelID->CurrentValue) < -1) {
		$_SESSION[EW_SESSION_MESSAGE] = "User defined User Level ID must be larger than 0";
	} elseif (intval($userlevels->UserLevelID->CurrentValue) == 0 && strtolower(trim($userlevels->UserLevelName->CurrentValue)) <> "default") {
		$_SESSION[EW_SESSION_MESSAGE] = "User level name for user level 0 must be 'Default'";
	} elseif (intval($userlevels->UserLevelID->CurrentValue) == -1 && strtolower(trim($userlevels->UserLevelName->CurrentValue)) <> "administrator") {
		$_SESSION[EW_SESSION_MESSAGE] = "User level name for user level -1 must be 'Administrator'";
	} elseif (intval($userlevels->UserLevelID->CurrentValue) > 0 && (strtolower(trim($userlevels->UserLevelName->CurrentValue)) == "administrator" || strtolower(trim($userlevels->UserLevelName->CurrentValue)) == "default")) {
		$_SESSION[EW_SESSION_MESSAGE] = "User defined User Level name cannot be 'Administrator' or 'Default'";
	}
	if (@$_SESSION[EW_SESSION_MESSAGE] <> "") {
		return FALSE;
	}

	// Check for duplicate key
	$bCheckKey = TRUE;
	$sFilter = $userlevels->SqlKeyFilter();
	if (trim(strval($userlevels->UserLevelID->CurrentValue)) == "") {
		$bCheckKey = FALSE;
	} else {
		$sFilter = str_replace("@UserLevelID@", ew_AdjustSql($userlevels->UserLevelID->CurrentValue), $sFilter); // Replace key value
	}
	if (!is_numeric($userlevels->UserLevelID->CurrentValue)) {
		$bCheckKey = FALSE;
	}
	if ($bCheckKey) {
		$rsChk = $userlevels->LoadRs($sFilter);
		if ($rsChk && !$rsChk->EOF) {
			$_SESSION[EW_SESSION_MESSAGE] = "Duplicate value for primary key";
			$rsChk->Close();
			return FALSE;
		}
	}
	$rsnew = array();

	// Field UserLevelID
	$userlevels->UserLevelID->SetDbValueDef($userlevels->UserLevelID->CurrentValue, 0);
	$rsnew['UserLevelID'] =& $userlevels->UserLevelID->DbValue;

	// Field UserLevelName
	$userlevels->UserLevelName->SetDbValueDef($userlevels->UserLevelName->CurrentValue, "");
	$rsnew['UserLevelName'] =& $userlevels->UserLevelName->DbValue;

	// Call Row Inserting event
	$bInsertRow = $userlevels->Row_Inserting($rsnew);
	if ($bInsertRow) {
		$conn->raiseErrorFn = 'ew_ErrorFn';
		$AddRow = $conn->Execute($userlevels->InsertSQL($rsnew));
		$conn->raiseErrorFn = '';
	} else {
		if ($userlevels->CancelMessage <> "") {
			$_SESSION[EW_SESSION_MESSAGE] = $userlevels->CancelMessage;
			$userlevels->CancelMessage = "";
		} else {
			$_SESSION[EW_SESSION_MESSAGE] = "Insert cancelled";
		}
		$AddRow = FALSE;
	}
	if ($AddRow) {

		// Call Row Inserted event
		$userlevels->Row_Inserted($rsnew);
	}

	// Add User Level priv
	if ($GLOBALS["x_ewPriv"] > 0 && is_array($GLOBALS["EW_USER_LEVEL_TABLE_NAME"])) {
		for ($i = 0; $i < count($GLOBALS["EW_USER_LEVEL_TABLE_NAME"]); $i++) {
			$sSql = "INSERT INTO " . EW_USER_LEVEL_PRIV_TABLE . " (" .
				EW_USER_LEVEL_PRIV_TABLE_NAME_FIELD . ", " .
				EW_USER_LEVEL_PRIV_USER_LEVEL_ID_FIELD . ", " .
				EW_USER_LEVEL_PRIV_PRIV_FIELD . ") VALUES ('" .
				ew_AdjustSql($GLOBALS["EW_USER_LEVEL_TABLE_NAME"][$i]) .
				"', " . $userlevels->UserLevelID->CurrentValue . ", " . $GLOBALS["x_ewPriv"] . ")";
			$conn->Execute($sSql);
		}
	}
	return $AddRow;
}
?>
<?php

// Page Load event
function Page_Load() {

	//echo "Page Load";
}

// Page Unload event
function Page_Unload() {

	//echo "Page Unload";
}
?>
